CVE-2023-24561

Name of the Vulnerable Software and Affected Versions Solid Edge SE2022 versions prior to V222.0MP12 Solid Edge SE2023 versions prior to V223.0Update2

Description A vulnerability has been identified in the affected application, related to the use of an uninitialized pointer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. The issue is associated with the parsing of specially crafted PAR files, which can lead to the execution of arbitrary code.

Recommendations For Solid Edge SE2022 versions prior to V222.0MP12, update to version V222.0MP12 or later. For Solid Edge SE2023 versions prior to V223.0Update2, update to version V223.0Update2 or later. As a temporary workaround, consider restricting the use of PAR files in the affected application until a patch is available.